diff --git a/crypto/src/x509/X509V1CertificateGenerator.cs b/crypto/src/x509/X509V1CertificateGenerator.cs
index 02b58a198..8201a66ec 100644
--- a/crypto/src/x509/X509V1CertificateGenerator.cs
+++ b/crypto/src/x509/X509V1CertificateGenerator.cs
@@ -1,10 +1,12 @@
using System;
+using System.IO;
using System.Collections;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Security.Certificates;
@@ -119,6 +121,7 @@ namespace Org.BouncyCastle.X509
/// This can be either a name or an OID, names are treated as case insensitive.
/// </summary>
/// <param name="signatureAlgorithm">string representation of the algorithm name</param>
+ [Obsolete("Not needed if Generate used with an ISignatureCalculator")]
public void SetSignatureAlgorithm(
string signatureAlgorithm)
{
@@ -143,6 +146,7 @@ namespace Org.BouncyCastle.X509
/// </summary>
/// <param name="privateKey">The private key of the issuer used to sign this certificate.</param>
/// <returns>An X509Certificate.</returns>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
public X509Certificate Generate(
AsymmetricKeyParameter privateKey)
{
@@ -155,43 +159,43 @@ namespace Org.BouncyCastle.X509
/// <param name="privateKey">The private key of the issuer used to sign this certificate.</param>
/// <param name="random">The Secure Random you want to use.</param>
/// <returns>An X509Certificate.</returns>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
public X509Certificate Generate(
AsymmetricKeyParameter privateKey,
SecureRandom random)
{
+ return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random));
+ }
+
+ /// <summary>
+ /// Generate a new X509Certificate using the passed in SignatureCalculator.
+ /// </summary>
+ /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
+ /// <returns>An X509Certificate.</returns>
+ public X509Certificate Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator)
+ {
+ tbsGen.SetSignature (signatureCalculator.AlgorithmDetails);
+
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
- byte[] signature;
- try
- {
- signature = X509Utilities.GetSignatureForObject(
- sigOID, signatureAlgorithm, privateKey, random, tbsCert);
- }
- catch (Exception e)
- {
- // TODO
-// throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
- throw new CertificateEncodingException("exception encoding TBS cert", e);
- }
+ Stream sigStream = signatureCalculator.GetSignatureUpdater ();
- try
- {
- return GenerateJcaObject(tbsCert, signature);
- }
- catch (CertificateParsingException e)
- {
- // TODO
- // throw new ExtCertificateEncodingException("exception producing certificate object", e);
- throw new CertificateEncodingException("exception producing certificate object", e);
- }
+ byte[] encoded = tbsCert.GetDerEncoded();
+
+ sigStream.Write (encoded, 0, encoded.Length);
+
+ sigStream.Close ();
+
+ return GenerateJcaObject(tbsCert, signatureCalculator.AlgorithmDetails, signatureCalculator.Signature());
}
private X509Certificate GenerateJcaObject(
TbsCertificateStructure tbsCert,
+ AlgorithmIdentifier sigAlg,
byte[] signature)
{
return new X509Certificate(
- new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature)));
+ new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature)));
}
/// <summary>
diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
index a683d5e20..1cbdbcfcb 100644
--- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
+++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
@@ -8,6 +8,8 @@ using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Security.Certificates;
using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Crypto.Operators;
+using System.IO;
namespace Org.BouncyCastle.X509
{
@@ -66,12 +68,13 @@ namespace Org.BouncyCastle.X509
acInfoGen.SetEndDate(new DerGeneralizedTime(date));
}
- /// <summary>
- /// Set the signature algorithm. This can be either a name or an OID, names
- /// are treated as case insensitive.
- /// </summary>
- /// <param name="signatureAlgorithm">The algorithm name.</param>
- public void SetSignatureAlgorithm(
+ /// <summary>
+ /// Set the signature algorithm. This can be either a name or an OID, names
+ /// are treated as case insensitive.
+ /// </summary>
+ /// <param name="signatureAlgorithm">The algorithm name.</param>
+ [Obsolete("Not needed if Generate used with an ISignatureCalculator")]
+ public void SetSignatureAlgorithm(
string signatureAlgorithm)
{
this.signatureAlgorithm = signatureAlgorithm;
@@ -127,37 +130,57 @@ namespace Org.BouncyCastle.X509
extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue);
}
- /// <summary>
- /// Generate an X509 certificate, based on the current issuer and subject.
- /// </summary>
- public IX509AttributeCertificate Generate(
- AsymmetricKeyParameter publicKey)
+ /// <summary>
+ /// Generate an X509 certificate, based on the current issuer and subject.
+ /// </summary>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
+ public IX509AttributeCertificate Generate(
+ AsymmetricKeyParameter privateKey)
{
- return Generate(publicKey, null);
+ return Generate(privateKey, null);
}
- /// <summary>
- /// Generate an X509 certificate, based on the current issuer and subject,
- /// using the supplied source of randomness, if required.
- /// </summary>
- public IX509AttributeCertificate Generate(
- AsymmetricKeyParameter publicKey,
+ /// <summary>
+ /// Generate an X509 certificate, based on the current issuer and subject,
+ /// using the supplied source of randomness, if required.
+ /// </summary>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
+ public IX509AttributeCertificate Generate(
+ AsymmetricKeyParameter privateKey,
SecureRandom random)
- {
- if (!extGenerator.IsEmpty)
+ {
+ return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random));
+ }
+
+ /// <summary>
+ /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator.
+ /// </summary>
+ /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
+ /// <returns>An IX509AttributeCertificate.</returns>
+ public IX509AttributeCertificate Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator)
+ {
+ if (!extGenerator.IsEmpty)
{
acInfoGen.SetExtensions(extGenerator.Generate());
}
AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo();
- Asn1EncodableVector v = new Asn1EncodableVector();
+ byte[] encoded = acInfo.GetDerEncoded();
+
+ Stream sigStream = signatureCalculator.GetSignatureUpdater();
+
+ sigStream.Write(encoded, 0, encoded.Length);
+
+ sigStream.Close();
+
+ Asn1EncodableVector v = new Asn1EncodableVector();
- v.Add(acInfo, sigAlgId);
+ v.Add(acInfo, signatureCalculator.AlgorithmDetails);
try
{
- v.Add(new DerBitString(X509Utilities.GetSignatureForObject(sigOID, signatureAlgorithm, publicKey, random, acInfo)));
+ v.Add(new DerBitString(signatureCalculator.Signature()));
return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(v)));
}
diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs
index a2293b333..ef0464a82 100644
--- a/crypto/src/x509/X509V2CRLGenerator.cs
+++ b/crypto/src/x509/X509V2CRLGenerator.cs
@@ -10,6 +10,7 @@ using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Security.Certificates;
using Org.BouncyCastle.Utilities.Collections;
+using Org.BouncyCastle.Crypto.Operators;
namespace Org.BouncyCastle.X509
{
@@ -129,13 +130,12 @@ namespace Org.BouncyCastle.X509
}
}
- /**
- * Set the signature algorithm. This can be either a name or an oid, names
- * are treated as case insensitive.
- *
- * @param signatureAlgorithm string representation of the algorithm name.
- */
- public void SetSignatureAlgorithm(
+ /// <summary>
+ /// Set the signature algorithm that will be used to sign this CRL.
+ /// </summary>
+ /// <param name="signatureAlgorithm"/>
+ [Obsolete("Not needed if Generate used with an ISignatureCalculator")]
+ public void SetSignatureAlgorithm(
string signatureAlgorithm)
{
this.signatureAlgorithm = signatureAlgorithm;
@@ -198,40 +198,55 @@ namespace Org.BouncyCastle.X509
extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue));
}
- /// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary>
- /// <param name="privateKey">The key used for signing.</param>
- public X509Crl Generate(
- AsymmetricKeyParameter privateKey)
- {
- return Generate(privateKey, null);
- }
+ /// <summary>
+ /// Generate an X.509 CRL, based on the current issuer and subject.
+ /// </summary>
+ /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
+ /// <returns>An X509Crl.</returns>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
+ public X509Crl Generate(
+ AsymmetricKeyParameter privateKey)
+ {
+ return Generate(privateKey, null);
+ }
- /// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary>
- /// <param name="privateKey">The key used for signing.</param>
- /// <param name="random">A user-defined source of randomness.</param>
- public X509Crl Generate(
- AsymmetricKeyParameter privateKey,
- SecureRandom random)
- {
- TbsCertificateList tbsCrl = GenerateCertList();
- byte[] signature;
+ /// <summary>
+ /// Generate an X.509 CRL, based on the current issuer and subject using the specified secure random.
+ /// </summary>
+ /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
+ /// <param name="random">Your Secure Random instance.</param>
+ /// <returns>An X509Crl.</returns>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
+ public X509Crl Generate(
+ AsymmetricKeyParameter privateKey,
+ SecureRandom random)
+ {
+ return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random));
+ }
- try
- {
- signature = X509Utilities.GetSignatureForObject(
- sigOID, signatureAlgorithm, privateKey, random, tbsCrl);
- }
- catch (IOException e)
- {
- // TODO
-// throw new ExtCrlException("cannot generate CRL encoding", e);
- throw new CrlException("cannot generate CRL encoding", e);
- }
+ /// <summary>
+ /// Generate a new X509Crl using the passed in SignatureCalculator.
+ /// </summary>
+ /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
+ /// <returns>An X509Crl.</returns>
+ public X509Crl Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator)
+ {
+ tbsGen.SetSignature(signatureCalculator.AlgorithmDetails);
- return GenerateJcaObject(tbsCrl, signature);
- }
+ TbsCertificateList tbsCertList = GenerateCertList();
+
+ Stream sigStream = signatureCalculator.GetSignatureUpdater();
+
+ byte[] encoded = tbsCertList.GetDerEncoded();
+
+ sigStream.Write(encoded, 0, encoded.Length);
+
+ sigStream.Close();
+
+ return GenerateJcaObject(tbsCertList, signatureCalculator.AlgorithmDetails, signatureCalculator.Signature());
+ }
- private TbsCertificateList GenerateCertList()
+ private TbsCertificateList GenerateCertList()
{
if (!extGenerator.IsEmpty)
{
@@ -243,11 +258,12 @@ namespace Org.BouncyCastle.X509
private X509Crl GenerateJcaObject(
TbsCertificateList tbsCrl,
+ AlgorithmIdentifier algId,
byte[] signature)
{
return new X509Crl(
CertificateList.GetInstance(
- new DerSequence(tbsCrl, sigAlgId, new DerBitString(signature))));
+ new DerSequence(tbsCrl, algId, new DerBitString(signature))));
}
/// <summary>
diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs
index bb0dd9cbc..252b91aa4 100644
--- a/crypto/src/x509/X509V3CertificateGenerator.cs
+++ b/crypto/src/x509/X509V3CertificateGenerator.cs
@@ -1,9 +1,11 @@
using System;
using System.Collections;
+using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
@@ -110,6 +112,7 @@ namespace Org.BouncyCastle.X509
/// Set the signature algorithm that will be used to sign this certificate.
/// </summary>
/// <param name="signatureAlgorithm"/>
+ [Obsolete("Not needed if Generate used with an ISignatureCalculator")]
public void SetSignatureAlgorithm(
string signatureAlgorithm)
{
@@ -274,7 +277,8 @@ namespace Org.BouncyCastle.X509
/// </summary>
/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
/// <returns>An X509Certificate.</returns>
- public X509Certificate Generate(
+ [Obsolete("Use Generate with an ISignatureCalculator")]
+ public X509Certificate Generate(
AsymmetricKeyParameter privateKey)
{
return Generate(privateKey, null);
@@ -286,53 +290,48 @@ namespace Org.BouncyCastle.X509
/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
/// <param name="random">You Secure Random instance.</param>
/// <returns>An X509Certificate.</returns>
+ [Obsolete("Use Generate with an ISignatureCalculator")]
public X509Certificate Generate(
AsymmetricKeyParameter privateKey,
SecureRandom random)
{
- TbsCertificateStructure tbsCert = GenerateTbsCert();
- byte[] signature;
-
- try
- {
- signature = X509Utilities.GetSignatureForObject(
- sigOid, signatureAlgorithm, privateKey, random, tbsCert);
- }
- catch (Exception e)
- {
- // TODO
-// throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
- throw new CertificateEncodingException("exception encoding TBS cert", e);
- }
-
- try
- {
- return GenerateJcaObject(tbsCert, signature);
- }
- catch (CertificateParsingException e)
- {
- // TODO
- // throw new ExtCertificateEncodingException("exception producing certificate object", e);
- throw new CertificateEncodingException("exception producing certificate object", e);
- }
+ return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random));
}
- private TbsCertificateStructure GenerateTbsCert()
+ /// <summary>
+ /// Generate a new X509Certificate using the passed in SignatureCalculator.
+ /// </summary>
+ /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
+ /// <returns>An X509Certificate.</returns>
+ public X509Certificate Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator)
{
- if (!extGenerator.IsEmpty)
- {
- tbsGen.SetExtensions(extGenerator.Generate());
- }
+ tbsGen.SetSignature (signatureCalculator.AlgorithmDetails);
+
+ if (!extGenerator.IsEmpty)
+ {
+ tbsGen.SetExtensions(extGenerator.Generate());
+ }
+
+ TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
+
+ Stream sigStream = signatureCalculator.GetSignatureUpdater ();
+
+ byte[] encoded = tbsCert.GetDerEncoded();
+
+ sigStream.Write (encoded, 0, encoded.Length);
+
+ sigStream.Close ();
- return tbsGen.GenerateTbsCertificate();
+ return GenerateJcaObject(tbsCert, signatureCalculator.AlgorithmDetails, signatureCalculator.Signature());
}
private X509Certificate GenerateJcaObject(
TbsCertificateStructure tbsCert,
+ AlgorithmIdentifier sigAlg,
byte[] signature)
{
return new X509Certificate(
- new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature)));
+ new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature)));
}
/// <summary>
|
